1、基于docker commit命令创建
Docker提供了docker commit命令,支持用户提交自己对定制容器的修改,并生成新的镜像。
命令格式为:docker commit CONTAINER [REPOSITORY[:TAG]]。
1.准备工作
利用ubuntu:14.04镜像创建一个容器:
[root@docker ~]# docker run -it ubuntu:14.04 /bin/bash
root@161f67ccad50:/#
更新apt缓存:
root@161f67ccad50:/# apt-get update
2.安装和配置SSH服务
选择主流的openssh-server作为服务端:
root@161f67ccad50:/# apt-get install openssh-server -y
Reading package lists... Done
Building dependency tree
Reading state information... Done
openssh-server is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 6 not upgraded.
root@161f67ccad50:/#
如果需要正常启动SSH服务,则目录/var/run/sshd必须存在。手动创建并启动SSH服务:
root@161f67ccad50:/# mkdir -p /var/run/sshd
root@161f67ccad50:/# /usr/sbin/sshd -D &
[1] 3020
root@161f67ccad50:/#
此时查看容器的22端口:
root@161f67ccad50:/# netstat -lnutp|grep 22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3020/sshd
tcp6 0 0 :::22 :::* LISTEN 3020/sshd
root@161f67ccad50:/#
修改SSH服务的安全登录配置,取消pam登陆限制:
root@161f67ccad50:/# sed -ri 's#session required pam_loginuid.so#session required pam_loginuid.so#g' /etc/pam.d/sshd
root@161f67ccad50:/#
在root用户家目录创建.ssh目录,并复制需要登录的公钥信息到.ssh目录下的authorized_keys中:
root@161f67ccad50:/# mkdir /root/.ssh
root@161f67ccad50:/# cd /root/.ssh
root@161f67ccad50:~/.ssh# ls
root@161f67ccad50:~/.ssh# vi /root/.ssh/authorized_keys
创建自启动的SSH服务可执行文件run.sh,并添加可执行权限:
root@161f67ccad50:/# cat run.sh
#!/bin/bash
/usr/sbin/sshd -D &
root@161f67ccad50:/# chmod +x run.sh
root@161f67ccad50:/#
退出容器:
root@161f67ccad50:/# exit
exit
[root@docker ~]#
3.保存镜像
将退出的容器用docker commit命令保存为一个新的sshd:ubuntu镜像:
[root@docker ~]# docker commit 161f67ccad50 sshd:ubuntu
sha256:f328073a034ae63f93114a92b62141f22a578131ecb663702ac17916bde456a2
[root@docker ~]#
使用docker images查看本地生成的新镜像sshd:ubuntu:
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
sshd ubuntu f328073a034a 2 minutes ago 284MB
centos 7 3fa822599e10 3 hours ago 204MB
mariadb latest d29cee62e770 26 hours ago 398MB
nginx latest 9e7424e5dbae 7 days ago 108MB
ubuntu 16.04 20c44cd7596f 12 days ago 123MB
ubuntu latest 20c44cd7596f 12 days ago 123MB
ubuntu 14.04 d6ed29ffda6b 12 days ago 221MB
busybox latest 6ad733544a63 3 weeks ago 1.13MB
centos latest d123f4e55e12 3 weeks ago 197MB
alpine latest 053cde6e8953 3 weeks ago 3.96MB
[root@docker ~]#
4.使用镜像
启动容器,并添加端口映射到容器的22端口:
[root@docker ~]# docker run -it --name sshd_ubuntu -p 10022:22 sshd:ubuntu
root@0f8481ffd0d0:/# netstat -lnutp|grep 22
root@0f8481ffd0d0:/# /usr/sbin/sshd -D &
[1] 16
root@0f8481ffd0d0:/# netstat -lnutp|grep 22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 16/sshd
tcp6 0 0 :::22 :::* LISTEN 16/sshd
root@0f8481ffd0d0:/#
在宿主机通过ssh连接10022端口:
[root@docker ~]# ssh 10.0.0.31 -p 10022
The authenticity of host '[10.0.0.31]:10022 ([10.0.0.31]:10022)' can't be established.
ECDSA key fingerprint is 74:a1:80:00:85:17:d5:ec:57:7a:cb:cb:1e:7d:4a:1f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[10.0.0.31]:10022' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.0-98-generic x86_64) * Documentation: https://help.ubuntu.com/ The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law. root@0f8481ffd0d0:~#
2、使用Dockerfile创建
1.创建工作目录
[root@docker ~]# mkdir -p sshd_ubuntu
[root@docker ~]# ls
anaconda-ks.cfg daemon.json docker-pid sshd_ubuntu
[root@docker ~]#
在其中创建Dockerfile和run.sh文件:
[root@docker ~]# cd sshd_ubuntu/ && touch Dockerfile run.sh
[root@docker sshd_ubuntu]# ls
Dockerfile run.sh
[root@docker sshd_ubuntu]#
2.编写run.sh脚本和authorized_keys文件
[root@docker sshd_ubuntu]# vim run.sh
[root@docker sshd_ubuntu]# cat run.sh
#!/bin/bash
/usr/sbin/sshd -D &
[root@docker sshd_ubuntu]# cat /root/.ssh/id_rsa.pub > ./authorized_keys
[root@docker sshd_ubuntu]#
3.编写Dockerfile
[root@docker sshd_ubuntu]# cat Dockerfile
# 基础镜像信息
FROM ubuntu:14.04 # 维护者信息
MAINTAINER staryjie staryjie@163.com # 更新apt缓存、安装ssh服务
RUN apt-get update && apt-get install -y openssh-server
RUN mkdir -p /var/run/sshd /root/.ssh
RUN sed -ri 's#session required pam_loginuid.so#session required pam_loginuid.so#g' /etc/pam.d/sshd # 配置免密要和自启动脚本
ADD authorized_keys /root/.ssh/authorized_keys
ADD run.sh /run.sh
RUN chmod 755 /run.sh # 暴露22端口
EXPOSE 22 # 设置脚本自启动
CMD ["/run.sh"]
[root@docker sshd_ubuntu]#
4.创建镜像
[root@docker ~]# cd ~/sshd_ubuntu/ && docker build -t sshd:ubuntu2 .
Removing intermediate container e86118d7da77
Successfully built 12abdcc3350f
Successfully tagged sshd:ubuntu2
[root@docker sshd_ubuntu]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
sshd ubuntu2 12abdcc3350f 7 seconds ago 284MB
sshd ubuntu f328073a034a About an hour ago 284MB
centos 7 3fa822599e10 4 hours ago 204MB
mariadb latest d29cee62e770 27 hours ago 398MB
nginx latest 9e7424e5dbae 7 days ago 108MB
ubuntu 16.04 20c44cd7596f 12 days ago 123MB
ubuntu latest 20c44cd7596f 12 days ago 123MB
ubuntu 14.04 d6ed29ffda6b 12 days ago 221MB
busybox latest 6ad733544a63 3 weeks ago 1.13MB
centos latest d123f4e55e12 3 weeks ago 197MB
alpine latest 053cde6e8953 3 weeks ago 3.96MB
[root@docker sshd_ubuntu]#
5.测试镜像,运行容器
[root@docker sshd_ubuntu]# docker run -it --name ssh_test -p 10122:22 sshd:ubuntu2 bash
root@c03d5c93ec84:/# netstat -lnutp|grep 22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 17/sshd
tcp6 0 0 :::22 :::* LISTEN 17/sshd
root@c03d5c93ec84:/#
宿主机ssh连接:
[root@docker ~]# ssh 10.0.0.31 -p 10122
The authenticity of host '[10.0.0.31]:10122 ([10.0.0.31]:10122)' can't be established.
ECDSA key fingerprint is 13:3a:46:78:aa:b0:ac:9b:75:1f:ba:99:82:c6:8b:76.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[10.0.0.31]:10122' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.0-98-generic x86_64) * Documentation: https://help.ubuntu.com/ The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law. root@c03d5c93ec84:~#